Reported

December 2, 2022

Issued

December 27, 2022 (last modified: June 13, 2023)

Package

prettytable-rs (crates.io)

Type

INFO Unsound

Keywords

#tab #table #format #pretty #print

Aliases

• GHSA-gfgm-chr3-x6px

References

• https://github.com/phsym/prettytable-rs/issues/145

Patched

• >=0.10.0

Description

In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here:

1. To guarantee the size is correct, we have to first do Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is UB.
2. Even if (1) is sound, &Vec<T> and &[T] still might not have the same layout. Treating them equally may lead to UB.

Advisory available under CC0-1.0 license.